(54) Securing feature activation in a telecommunication system



(57) Periodically sending by a telecommunication controlled application an encrypted message to a license server to request permission to run and to obtain a list of permitted features. The license server application is executing on the same processor as the controlled application. Also resident on the same system is a license file which contains a list of applications that are permitted to run, the version number of the permitted applications and a list of permitted features. The license server is responsive to the encrypted message from the controlled application to read and decrypt the license file, read the serial number of the processor controlling the telecommunications system, compare the serial number obtained from the processor with the serial number stored in the license file. If there is a mis-match, no license is granted to the control applications and it will not be allowed to run. If the serial numbers match, then a comparison is made between the version number received from the application and the corresponding version number associated with the application in the license file. If the version number mis-matches, an encrypted message is sent to the application denying it permission to run. If the version number matches, an encrypted message is sent to the application granting it permission to run and listing the permitted features. To decrypt the license file, the license server utilizes a key that is assigned to the license server either globally or on a per system basis.

Description
Technical Field 

[0001] This invention relates to the securing of programs and tables and, in particular, to protecting actuation of features and software within a telecommunication switching system.

Background of the Invention 

[0002] Within the prior art, it is well known to sell or lease software both from the point of view of the basic program and from the features that the program is allowed to implement. Normally, each release or version of a particular software package for a customer premise telecommunication switching system contains a large number of features; however, the customer chooses and pays for only a subset of the total number of features. Features in a telecommunications switching system refer to certain specialized operations such as call hold, call transfer, automatic route selection, etc. An ongoing problem in the art is to prevent newer versions of the software from being pirated and used on unauthorized switching system or the customer actuating features for which the customer has not paid. Within telecommunications switching systems in the prior art, these problems have been addressed by using passwords that only allow authorized individuals to have access to the telecommunication switching system for enabling features or new software versions.
[0003] The problem of securing software is a common problem throughout the computer industry as well. Three methods have been utilized to address this problem. One is to distribute the software utilizing a CD-Rom and to include a key that must be entered to enable the software program. This solution does not solve the copying problem since the key is normally printed on the CD-Rom cover, and anyone can install the software as many times as they wish, however illegal it may be. A second method is to use a special piece of hardware that is commonly referred to as a "dongle". The dongle is a special piece of hardware that connects to the serial or parallel port of the computer. The software executing on the computer sends a random number to the dongle. The dongle performs a secret computation and returns a result. The software makes a like computation; if the two computations match, the software continues to run. To work satisfactorily, the response must include feature and version information. The use of the dongle is cumbersome when it fails. If the dongle fails, then the system is down until a new dongle can be physically obtained on site. Also, once made, the dongle is fixed. If it was used for feature activation, a new dongle is required for each additional feature that is purchased.
[0004] A third method (as described in PC Magazine, p. 35, December, 1998) is to freely distribute the CD-Rom disks. When the CD-Rom is inserted into a computer, the computer automatically connects to a remote server via the Internet or a dial up connection to receive a machine-specific key. The key unlocks the software so that it can be utilized on that computer. The remote server also obtains the necessary payment information from the computer user. The third method does not function well for a telecommunication switching system since it does not provide for the authorization to use different features of the same software application nor is it dependent on the version of the software being requested. In addition, it does not provide the necessary authorization of personnel to make such a request.

Summary of the Invention

[0005] A departure in the art is achieved by an apparatus and method where a controlled application, such as a telecommunication application, periodically sends an encrypted message to a license server to request permission to run and to obtain a list of permitted features. The license server application is executing on the same processor as the controlled application. Also resident on the same system is a license file which contains a list of applications that are permitted to run, the version number of the permitted applications and a list of permitted features. The license server is responsive to the encrypted message from the control application to read and decrypt the license file, read the serial number of the processor controlling the telecommunications system, compare the serial number obtained from the processor with the serial number stored in the license file. If there is a mis-match, no license is granted to the control applications and it will not be allowed to run. If the serial numbers match, then a comparison is made between the version number received from the application and the corresponding version number associated with the application in the license file. If the version number mis-matches, an encrypted message is sent to the application denying it permission to run. If the version number matches, an encrypted message is sent to the application granting it permission to run and listing the permitted features. To decrypt the license file, the license server utilizes a key that is assigned to the license server either globally or on a per system basis.
[0006] Other and further aspects of the present invention will become apparent in the course of the following description and by reference to the accompanying drawing.

Brief Description of the Drawing

[0007] Referring now to the drawing:

FIG. 1 illustrates, in block diagram form, the arrangement of software within telecommunication switching system 100;

FIG. 2 illustrates, in flow chart form, the steps performed by a license server; and

FIG. 3 illustrates, in flow chart form, steps performed by a remote database.

Detailed Description

[0008] FIG. 1 illustrates telecommunications switching system 100 interconnected to public telephone network 104. Telecommunications switching system 100 includes telephone sets 106-107. The features and operations provided by telecommunication switching system 100 to telephones 106-107 and its interactions with public telephone network 104 are well known in the art. Control processor 102 executes call control application 114 via operating system 111 to perform the telecommunication functions and features. Control processor 102 communicates with switching network 103 via LAN 110. One skilled in the art could readily envision that control processor 102 could communicate with switching network 103 via a direct connection such as a connection via the processor bus of control processor 102. Operating system 111 is a conventional operating system allowing for the execution of applications such as call control application 114 and for the intra-application communication of messages. Personal computer (PC) 120 is utilized by service personnel to administer telecommunication switching system 100. These functions of the service personnel will be described later. Switching network 103 provides all of the necessary telecommunication switching and interfacing that is required in telecommunication switching system 100. Modem 108 is directly connected to control processor 102 so that control processor 102 can contact remote database 109 via public telephone network 104. One skilled in the art could readily envision that modem 106 could be interconnected to central processor 102 via LAN 110. Similarly, remote database 109 can establish a communication channel with control processor 102 via public telephone network 104 and modem 106.
[0009] In accordance with the invention, at initialization and periodically during its execution, call control application 114 sends an encrypted message to license server 113 via operating system 111. The encrypted message requests permission to run and to obtain a list of permitted features. The encrypted message also includes the version number for call control application 114. License server 113 is responsive to the encrypted message to access license file 112. License server 113 decrypts license file 112 in order to obtain the list of permitted features, version number of call control application 114, and the serial number of control processor 102. License server 113 via operating system 111 then reads the serial number from control processor 102. License server 113 then compares the serial number obtained from license file 112 and the serial number from control processor 102. If there is a match, license server 113 then compares the version number received from call control application 114 with the version number contained in license file 112. If there is a match, license server 113 transmits an encrypted message to call control application 114 informing it that it can run and the features that may execute. In addition, license file 112 can contain an expiration date that license server 113 checks to see if it has expired. If the expiration date has expired, license server 113 will not give call control application 114 permission to execute. Note that any other applications running on telecommunication switching system 100 can utilize the same mechanism as call control application 114 to determine if they are to be allowed to execute and what options they may execute.

[0010] License file 112 must be obtained from remote database 109. Similarly, password file 116 must also be provided by remote database 109. Password file 116 allows a user utilizing PC 120 to gain access and to perform certain operations with respect to telecommunication switching system 100. An example of a common task that a service personnel might perform via PC 120 would be to shut telecommunication switching system 100 down or perform routine maintenance functions. Remote database 109 can initialize the downloading of license file 112 via public telephone network 104 and modem 108. When this downloading occurs, control processor 102 will execute system application 117 to properly store the license file in license file 112 as it is received from remote database 109. Similarly, control processor 102 can also automatically request the license file 112 from remote database 109. In addition, a user of PC 120 can request a copy of the license file by logging on to remote database 109 via public telephone network 104. The PC 120 then loads the license file into memory 101 via LAN 110 and control processor 102.

[0011] When a request is made of remote database 109 for a copy of the license file, remote database 109 verifies the identity of the entity requesting the copy, accesses the file defining the serial number, features and version numbers that should be included in the license file and the password file, and then transmits the copy of the license file to telecommunication switching system 100.

[0012] FIGS. 2 and 3 illustrate, in flowchart form, the steps performed by license server 113 in response to an encrypted message from call control application 114. The receipt of the encrypted message is detected by block 200 which transfers control to block 201. The latter block reads the serial number from control processor 102 before transferring control to decision block 202. The latter decision block verifies that a serial number has been read from control processor 102. If an error occurs, control is transferred to block 203 which logs an error before transferring control to block 213. Block 213 formulates a message indicating that call control application 114 can not execute and transfers this to block 309 of FIG. 3 whose operation will be described later. Returning to decision block 202, if an error has not occurred, license file 112 is read. Decision block 206 verifies that an error did not occur in the reading of license file 112 from memory 101. If an error did occur, control is transferred to block 207 which logs the fact that an error occurred before transferring control to block 213. If an error did not occur, control is transferred to block 208 which formulates the key to be utilized in decrypting license file 112. One skilled in the art could readily envision that license file 112 could be encrypted with more than one key, and that block 206 would need to formulate all of the necessary keys. After license file 112 has been decrypted, control is transferred to block 211 which compares the serial number stored by license server 113 and the serial number read from control processor 102. Decision block 212 determines if an error or mis-match has occurred in the comparison of the serial numbers. If the answer is yes, control is transferred to decision block 213. If the answer is no in decision block 212, control is transferred to block 301 of FIG. 3.
[0013] Block 301 obtains the present date and time before transferring control to decision block 302. The latter decision block compares the present date and time with that read from license file 112 to determine if the execution of call control application 114 has expired. If the answer is yes, control is transferred to block 307 which formulates a denial to be sent back to call control application 114 before transferring control to block 309. If the answer is no in decision block 302, control is transferred to block 303 which determines the information being requested by call control application 114 before transferring control to block 304. Block 304 decrypts the message that had been received from call control application 114. In particular, it verifies that the version number being requested by call control application 114 is allowed by the information that is in license file 112. After performing these operations in block 304, control is transferred to block 306 which determines if the requested information and version number mis-match. If the answer is yes, control is transferred to block 307.
[0014] If the answer is no in decision block 306, control is transferred to block 308 which formulates a response to be transmitted to call control application 114 informing it of the features that it may execute before control is transferred to block 309. Block 309 encrypts the various messages received either from block 213, block 308, or block 307 before transferring control to block 311. Block 311 transmits the encrypted message to call control application 114 via operating system 111.
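
The decision flow of FIGS. 2 and 3 written as a fail-closed function, added here as an illustration and not taken from the patent. The JSON license layout, the field names, `placeholder_decrypt` and the sample serial, version and feature values are assumptions, and encryption of the request and reply messages (blocks 304 and 309) is left out.

```python
import hmac
import json
from datetime import datetime

DENY = ("deny", [])

def handle_request(request, license_blob, read_serial, decrypt, now):
    """Reply to one permission request: ("grant", features) or DENY."""
    # Blocks 201-203: read the processor serial number; an error denies.
    try:
        serial = read_serial()
    except OSError:
        return DENY
    if not serial:
        return DENY
    # Blocks 204-208: read and decrypt the license file; an error denies.
    try:
        lic = json.loads(decrypt(license_blob))
        lic_serial, apps = str(lic["serial"]), dict(lic["applications"])
    except (ValueError, KeyError, TypeError):
        return DENY
    # Blocks 211-212: license serial must equal the processor serial.
    if not hmac.compare_digest(lic_serial.encode(), str(serial).encode()):
        return DENY
    # Blocks 301-302: an expiration date, if present, must lie in the future.
    expires = lic.get("expires")
    if expires is not None:
        try:
            if now >= datetime.fromisoformat(expires):
                return DENY
        except (ValueError, TypeError):
            return DENY
    # Blocks 303-306: the requesting version must match the licensed one.
    entry = apps.get(request.get("app"))
    if not isinstance(entry, dict) or entry.get("version") != request.get("version"):
        return DENY
    # Block 308: grant, listing only the licensed features.
    return ("grant", list(entry.get("features", [])))

# --- constructed sample data (assumed JSON layout, not from the patent) ---
def placeholder_decrypt(blob):
    # Stand-in for the real cipher so the example runs offline; NOT encryption.
    return bytes(b ^ 0x5A for b in blob)

SAMPLE_LICENSE = placeholder_decrypt(json.dumps({
    "serial": "SN-0001",
    "expires": "2030-01-01T00:00:00",
    "applications": {"call_control": {
        "version": "7.2", "features": ["call_hold", "call_transfer"]}},
}).encode())

def demo(serial="SN-0001", version="7.2", now=datetime(2025, 1, 1), blob=SAMPLE_LICENSE):
    request = {"app": "call_control", "version": version}
    return handle_request(request, blob, lambda: serial, placeholder_decrypt, now)

if __name__ == "__main__":
    print(demo())                       # licensed system
    print(demo(serial="SN-9999"))       # license copied to another processor
    print(demo(version="8.0"))          # unlicensed newer version
```

Every branch that cannot positively confirm serial, expiry and version returns the same denial, so a missing, truncated or undecryptable license file behaves like a mismatch rather than an implicit grant.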

Claims 

1. A method for protecting actuation of a plurality of features and a plurality of controlled applications, comprising the steps of:

sending (200) a first message to a license server, by one of the plurality of controlled applications, requesting permission to continue execution and identification of ones of the plurality of features that are to be provided by the one of the plurality of controlled applications;

CHARACTERIZED BY

obtaining (201), by the license server, a first serial number of a processor on which both the license server and the one of the plurality of controlled applications are executing;

accessing (204), by the license server, a license file to obtain a second serial number of a processor on which the one of the plurality of controlled applications is allowed to execute and identification of an allowed set of the plurality of features that the one of the plurality of controlled applications is to provide;

comparing (211), by the license server, the first serial number with second serial number;

transmitting (308), by the license server, a second message to the one of the plurality of controlled applications indicating that the one of the plurality of controlled applications can continue execution and including identification of the allowed set of the plurality of features upon the first serial number and second serial number being equal;

continuing execution (114), by the one of plurality of the controlled applications, in response to the second message; and

providing (114) the allowed set of the plurality of features in response to the second message by the one of the plurality of controlled applications.

2. The method of claim 1 wherein the step of sending comprises the step of including a first version number of the one of the plurality of controlled applications in the first message;

the step of accessing comprises the step of reading a second version number from the license file of a set of the plurality of controlled applications that are allowed to execute on the processor defined by the first serial number;

the step of comparing further compares the first version number with the second version number; and

the step of transmitting further transmits the second message upon the first serial number and second serial number being equal and the first version number and the second version number being equal.

3. The method of claim 2 wherein the license file is encrypted and the step of accessing further comprises the step of decrypting the license file.

4. The method of claim 3 wherein the first message is encrypted and the step of obtaining further comprises the step of decrypting the first message.

5. The method of claim 4 wherein the first and second messages are communicated via an operating system.

6. The method of claim 3 wherein the second message is encrypted and the step of continuing execution comprises the step of decrypting the second message.

7. The method of claim 6 wherein the first and second messages are communicated via an operating system.

8. The method of claim 1 wherein the step of transmitting further transmits a third message to the one of the plurality of controlled applications indicating that the one of the plurality of controlled applications should cease execution upon the first serial number and second serial number not being equal.

9. The method of claim 8 further comprises the step of ceasing execution, by the one of the plurality of controlled applications, upon receipt of the third message.

10. Apparatus for protecting actuation of a plurality of features and a plurality of controlled applications, comprising means adapted to carry out the steps of a method as claimed in any of the preceding claims.